<html>
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
	<title>Catalog</title>
</head>
<body>
<body background="../../img/bg.jpg"> 
	<font face="Berlin Sans FB Demi" color="#357EC7" size="3">
<center>
	<?
include('../auth.php');
include('../../config.php');
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {die('Failed to connect to server: ' . mysql_error());}
           
$db = mysql_select_db(DB_DATABASE);
if(!$db) {die("Unable to select database");}
error_reporting (E_ALL ^ E_NOTICE);
?>
<br><br>
<h1>Modificare date elev</h2>
<form action="elevedit.php" method="post">
<table border="1">
<? 
$nume=$_GET['nume'];
$sql=mysql_fetch_array(mysql_query("Select * from elev where nume='".$nume."'")); 
global $sql;
echo '<tr><td>Nume: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="text" value="'.$sql['nume'].'" name="nume"></tr></td>';
echo '<tr><td>CNP: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="text" value="'.$sql['cnp'].'" name="cnp"></tr></td>';
echo '<tr><td>Email: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="text" value="'.$sql['email'].'" name="email"></tr></td>';
echo '<tr><td>Email parinte: <input type="text" value="'.$sql['email_parinte'].'" name="email_parinte"></tr></td>';
echo '<tr><td>Adresa:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="text" value="'.$sql['adresa'].'" name="adresa"></tr></td>';
echo '<tr><td>Sex(M\F): &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="text" value="'.$sql['sex'].'" name="sex"></tr></td>';
echo '<tr><td>Clasa: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="text" value="'.$sql['clasa'].'" name="clasa"';

echo '</tr></td><tr><td><center><input type="submit" value="Modifica"></center></tr></td>';
?>
</table>
</form>
<?
function clean($str) {
		$str = @trim($str);
		if(get_magic_quotes_gpc()) {
			$str = stripslashes($str);
		}
		return mysql_real_escape_string($str);
	}
$nume=clean($_POST['nume']);
$cnp=clean($_POST['cnp']);
$email=clean($_POST['email']);
$emailp=clean($_POST['email_parinte']);
$adresa=clean($_POST['adresa']);
$sex=clean($_POST['sex']);
$clasa=clean($_POST['clasa']);
if ($nume==$sql['nume'] or $cnp==$sql['cnp'] or $email==$sql['email']) {
echo '<script type="text/javascript">
window.location = "elev.php"
</script>';
} 
if ($nume!=''or $cnp!='' or $email!='') {
echo '<script type="text/javascript">
window.location = "elev.php"
</script>';
} 
if ($nume!=$sql['nume'] or $cnp!=$sql['cnp'] or $email!=$sql['email']) {
$query=mysql_query("update elev set nume='".$nume."',cnp='".$cnp."',email='".$email."',email_parinte='".$emailp."',adresa='".$adresa."',sex='".$sex."',clasa='".$clasa."' where nume='".$nume."'");
}
?>
</font>
</body>
</html>